Remove Internal Exchange Server Names and IP Addresses from Message Headers

Message Headers 01 2 1

When you send an email message, the recipient can view the headers of the message and see all of the “hops” that the message went through on its journey from one mailbox to another.

The header info is very useful in troubleshooting situations, because you can copy/paste it into tools like the message analyzer in the Microsoft Remote Connectivity Analyzer and look at things like delays in message transfer between servers along the route the message took.

However, some organizations don’t want their internal Exchange server names and IP addresses exposed in the message headers of emails sent outside of their organization. To remove them, you can use a feature called the header firewall, which is explained in detail on TechNet.

The first step is to determine the name of your outbound send connector for internet email. In my environment an Edge Transport server is used for outbound mail, so the outbound send connector is named “EdgeSync – Datacenter1 to Internet” (Datacenter1 is the name of the Active Directory site the Edge server is subscribed to). I want to remove the message headers for outbound mail sent over that connnector only, and not impact the messages sent over other connectors to Office 365 or the Globomantics partner organization.

Image 123

The command to remove the message headers is as follows:

[PS] C:\>Get-SendConnector “EdgeSync – Datacenter1 to Internet” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing

After running that command, I needed to wait for EdgeSync to run (or run it manually) before the change would take effect. After the change has taken effect, outbound messages no longer contain the internal server names and IP addresses in the headers. Only the Edge Transport server name and IP address are shown.

If you need to reverse the change, use Add-AdPermission instead of Remove-AdPermission.

[PS] C:\>Get-SendConnector “EdgeSync – Datacenter1 to Internet” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights ms-Exch-Send-Headers-Routing


Bài trướcCisco ASA Disable ESMTP Inspection
Bài tiếp theoLayer 2 vs Layer 3 Switch: Which One Do You Need?
Hi, Nguyen Van Phuong is the owner of the website I 've been working in the IT sector since 2008. With nearly 11 years experience in the fields of design development, Governance, operating system enterprise network infrastructure.. I'm now a senior Infrastructure Administrator for the Enterprise network. Achivements: IT Project management IT management System and Network IT Security and data protection. Plan and bugged for Infrastructure and Security Deployment system Server (HP, IBM, Lenovo, Dell..), Network (Cisco, Juniper, Enterasys,..), PABX system, Firewall (Cisco ASA 5525-x, Juniper SSG520,..) Network system administration and maintenance: +Management all network configure IT system: AD, DNS, DHCP, Cores switch, Access switch, Router, Firewall, etc. Design & implement IT system, project management and manage IT operation, I also have extensive experience of ERP System base SQL , HRM, etc. Vendor/external system integrator management: support other department in terms of technical specifications for cost optimize, business process efficiency, procurement spend compliance. Virtualization System Deployment on Microsoft Windows Server 2016 (Hyper-V) and VMware ( Vmware vSphere 5.5, 6.5,6.7 vCenter) Backup and restore management on Symantec backup products (Veritas Backup 16, 20, 20.1, 20.2 ), Veeam Backup & Replication 9.0, 9.5U1, 9.5U2 U3, U4


Vui lòng nhập bình luận của bạn
Vui lòng nhập tên của bạn ở đây